Session stealers.

The Professor · 03-06-2007, 05:32 PM

I think an announcement should be made as a warning, and explaining exactly what it is, how it works and how to avoid it. Because I have no idea, and judging from this thread most other people dont either

beau03 · 03-06-2007, 08:34 PM

There's a lot of 'session stealer' sites around this second and they are VERY VERY dangerous.

basically they encode something into the habbo credits page (via a variable exploit) which sends the information about your habbo account (typically the session id) which can be used to gain control of your account.

So don't click any links that you aren't 100% secure with clicking at all. If you find yourself maliciously redirected to one of these sites you might not even realise. If you've got doubts right click and see if there's anything to do with a habbo credits page in the source. If there is; leave it and change your pass and email and email pass IMMEDIATELY.

This exploit is active on ALL hotels currently.

Habbox has to
filter these terms: ********* - *********

so it doesnt happen to Habbox

**today** · 03-06-2007, 09:18 PM

just filter them words as shown above & the most common host till the whole tihng gets boring [:

=]

nvrspk4 · 04-06-2007, 03:46 AM

I've put an announcement up: http://www.habboxforum.com/showthrea...07#post3565207

Tell me if you think anything should be added, preferrably by PM as I'll see it first

We are also looking into filtering *********, *********, and www.tinyurl.com (only the whole site so people can warn others about the site itself).

Thanks!

Mentor · 04-06-2007, 05:51 AM

Im slightly confused what people are on about? If its on the habbo page then the problem is probably XSS vunrabilty? and thats habbos fault for designing there webpage crapily, not habboxs or another fan site.

~~@xP~~ · 04-06-2007, 06:55 AM

i was lucky. i went on a session stealer, that was posted in the advertise my site here, but i was not on Habbo and did not log in to it ect.
i don't realy understand what they do, someone explain?

beau03 · 04-06-2007, 01:12 PM

TO REMOVE:

Internet Explorer:

1. LOG OUT of Habbo
2. Tools
3. Internet Options
4. Delete Cookies

Mozilla Firefox

1. Tools (Edit on a Mac)
2. Options
3. Privacy icon
4. Show Cookies
5. Remove All Cookies

Good Luck!

Thread: Session stealers.

Thread Tools

Posting Permissions